Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package gpg2 for openSUSE:Factory checked in
at 2022-10-18 12:44:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gpg2 (Old)
and /work/SRC/openSUSE:Factory/.gpg2.new.2275 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gpg2"
Tue Oct 18 12:44:45 2022 rev:163 rq:1029595 version:2.3.8
Changes:
--------
--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes 2022-08-10
17:12:37.949603455 +0200
+++ /work/SRC/openSUSE:Factory/.gpg2.new.2275/gpg2.changes 2022-10-18
12:45:10.921748617 +0200
@@ -1,0 +2,38 @@
+Mon Oct 17 11:35:11 UTC 2022 - Pedro Monreal <pmonr...@suse.com>
+
+- GnuPG 2.3.8:
+ * gpg: Do not consider unknown public keys as non-compliant while
+ decrypting.
+ * gpg: Avoid to emit a compliance mode line if Libgcrypt is
+ non-compliant.
+ * gpg: Improve --edit-key setpref command to ease c+p.
+ * gpg: Emit an ERROR status if --quick-set-primary-uid fails and
+ allow to pass the user ID by hash.
+ * gpg: Actually show symmetric+pubkey encrypted data as de-vs
+ compliant. Add extra compliance checks for symkey_enc packets.
+ * gpg: In de-vs mode use SHA-256 instead of SHA-1 as implicit
+ preference.
+ * gpgsm: Fix reporting of bad passphrase error during PKCS#11
+ import.
+ * agent: Fix a regression in "READKEY --format=ssh".
+ * agent: New option --need-attr for KEYINFO.
+ * agent: New attribute "Remote-list" for use by KEYINFO.
+ * scd: Fix problem with Yubikey 5.4 firmware.
+ * dirmngr: Fix CRL Distribution Point fallback to other schemes.
+ * dirmngr: New LDAP server flag "areconly" (A-record-only).
+ * dirmngr: Fix upload of multiple keys for an LDAP server specified
+ using the colon format.
+ * dirmngr: Use LDAP schema v2 when a Base DN is specified.
+ * dirmngr: Avoid caching expired certificates.
+ * wkd: Fix path traversal attack in gpg-wks-server. Add the mail
+ address to the pending request data.
+ * wkd: New command --mirror for gpg-wks-client.
+ * gpg-auth: New tool for authentication.
+ * New common.conf option no-autostart.
+ * Silence warnings from AllowSetForegroundWindow unless
+ GNUPG_EXEC_DEBUG_FLAGS is used.
+ * Rebase gnupg-detect_FIPS_mode.patch
+ * Remove patch upstream:
+ - gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch
+
+-------------------------------------------------------------------
Old:
----
gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch
gnupg-2.3.7.tar.bz2
gnupg-2.3.7.tar.bz2.sig
New:
----
gnupg-2.3.8.tar.bz2
gnupg-2.3.8.tar.bz2.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ gpg2.spec ++++++
--- /var/tmp/diff_new_pack.IcRQle/_old 2022-10-18 12:45:11.865750766 +0200
+++ /var/tmp/diff_new_pack.IcRQle/_new 2022-10-18 12:45:11.869750775 +0200
@@ -17,7 +17,7 @@
Name: gpg2
-Version: 2.3.7
+Version: 2.3.8
Release: 0
Summary: File encryption, decryption, signature creation and
verification utility
License: GPL-3.0-or-later
@@ -39,7 +39,6 @@
Patch8:
gnupg-accept_subkeys_with_a_good_revocation_but_no_self-sig_during_import.patch
Patch9: gnupg-add-test-cases-for-import-without-uid.patch
Patch10:
gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
-Patch11:
gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch
BuildRequires: expect
BuildRequires: fdupes
BuildRequires: ibmswtpm2
++++++ gnupg-2.3.7.tar.bz2 -> gnupg-2.3.8.tar.bz2 ++++++
/work/SRC/openSUSE:Factory/gpg2/gnupg-2.3.7.tar.bz2
/work/SRC/openSUSE:Factory/.gpg2.new.2275/gnupg-2.3.8.tar.bz2 differ: char 11,
line 1
++++++ gnupg-detect_FIPS_mode.patch ++++++
--- /var/tmp/diff_new_pack.IcRQle/_old 2022-10-18 12:45:11.945750948 +0200
+++ /var/tmp/diff_new_pack.IcRQle/_new 2022-10-18 12:45:11.949750957 +0200
@@ -1,34 +1,18 @@
-Index: gnupg-2.1.1/g10/encrypt.c
+Index: gnupg-2.3.8/g10/mainproc.c
===================================================================
---- gnupg-2.1.1.orig/g10/encrypt.c
-+++ gnupg-2.1.1/g10/encrypt.c
-@@ -783,7 +783,10 @@ encrypt_filter (void *opaque, int contro
- /* Because 3DES is implicitly in the prefs, this can
- only happen if we do not have any public keys in
- the list. */
-- efx->cfx.dek->algo = DEFAULT_CIPHER_ALGO;
-+ /* Libgcrypt manual says that gcry_version_check must be
called
-+ before calling gcry_fips_mode_active. */
-+ gcry_check_version (NULL);
-+ efx->cfx.dek->algo = gcry_fips_mode_active() ?
CIPHER_ALGO_AES : DEFAULT_CIPHER_ALGO;
- }
-
- /* In case 3DES has been selected, print a warning if
-Index: gnupg-2.1.1/g10/mainproc.c
-===================================================================
---- gnupg-2.1.1.orig/g10/mainproc.c
-+++ gnupg-2.1.1/g10/mainproc.c
-@@ -719,7 +719,12 @@ proc_plaintext( CTX c, PACKET *pkt )
+--- gnupg-2.3.8.orig/g10/mainproc.c
++++ gnupg-2.3.8/g10/mainproc.c
+@@ -1011,7 +1011,12 @@ proc_plaintext( CTX c, PACKET *pkt )
according to 2440, so hopefully it won't come up that often.
There is no good way to specify what algorithms to use in
that case, so these there are the historical answer. */
- gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160);
+
+ /* Libgcrypt manual says that gcry_version_check must be called
-+ before calling gcry_fips_mode_active. */
++ * before calling gcry_fips_mode_active. */
+ gcry_check_version (NULL);
-+ if( !gcry_fips_mode_active() )
-+ gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 );
++ if(!gcry_fips_mode_active())
++ gcry_md_enable(c->mfx.md, DIGEST_ALGO_RMD160);
gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1);
}
if (DBG_HASHING)
